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DETAILED ACTION 

1. Applicant's amendment dated September 21 , 2007, responding to the 
Office action mailed March 21, 2007 provided in the rejection of claims 1-46, 
wherein claims 1 and 24 are amended. 

Claims 1-46 remain pending in the application and which have been fully 
considered by the examiner. 

There are NO revised drawings received. 

Applicant's arguments with respect to claims rejection have been fully considered 
but are moot in view of the new grounds of rejection - see Softricity, art made of record, 
as applied hereto. 

Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See 
MPEP § 706.07(a). 

Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until 
after the end of the THREE-MONTH shortened statutory period, then the shortened 
statutory period will expire on the date the advisory action is mailed, and any extension 
fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of the advisory 
action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the date of this final action. 
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Drawing Objections 

2. Drawing is objected to because the following informalities: 

• The labels of "No" and "Yes" associated with step "182" (conditional 
diamond box - "Is process list processed ID in OS process list"), 
Fig. 6, should be corrected as opposite way. 

Appropriate correction is required. 

Claim Objections 

3. Claims 4-5 and 28-29 are objected to because the following informalities: 

• "repeating component hooker injection for all the new secured 
application process;", claim 4, line 56, should be corrected as 
"repeating component hooker injection for all the new secured 
application process.". 

• "for the termination of each said secured run-time application;", claim 
5, line 64, should be corrected as "for the termination of each said 
secured run-time application.". 

• "repeating component hooker injection for all the new secured 
application process;", claim 28, line 221, should be corrected as 
"repeating component hooker injection for all the new secured 
application process.". 
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• "for the termination of each said secured run-time application;", claim 
29, line 229, should be corrected as "for the termination of each said 
secured run-time application.". 

Appropriate correction is required. 

Claim Rejections - 35 USC § 103(a) 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject nnatter 
sought to be patented and the prior art are such that the subject matter as a whole would 
have been obvious at the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be negatived by the manner 
in which the invention was made 

4. Claims 1-7, 9-30, and 32-46 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Blaser et al. (Pat. No. US 7,1 1 7,495 B2) (hereinafter 'Blaser') 
in view of Softricity®, Inc., {Softricity SystemGurad®, October 2002, Softricity®, 
Inc., pp, 1-2) (hereinafter ^Softricity' - art made of record) 

5- As to claim 1 (Currently Amended), Blaser discloses a system for 
executing application software (e.g., Fig. 1, element 104 - Applications; Fig. 2, 
element 200 - Application) on a operating system within a secured run-time 
environment (e.g., Col. 1 1 , Lines 20-38 - Secure Applications; Col. 1 1 , Line 63 
through Col. 12, Line 7 - Secure Base OS; Col. 13, Lines 1-4, 16-23) without 
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affecting an application software resources of a client computer (e.g., Col. 7, 
Lines 24-34; CoL 13, Lines 30-33), the system comprising: 

• an application wrapper (e.g., Fig. 1 , element 106 - Layering System 
Libraries/Software; Fig. 2, elements 202 - Layer B, 204 - Layer A; Fig. 3, 
elements 300 - FSL (File System Layer) Management Application, 306 - FSL 
API Library, 310 - FSL Compression Library, 312 - FSL System Driver), 
wherein the application wrapper shields the application software resources 
(e.g., Col. 4. Lines 15-26 - layering system libraries and/or software 
intercepts files system and registry access from applications), whereby the 
secured run-time environment for executing the application software is 
created and the application software resources are protected (e.g., Col. 1 1 , 
Lines 20-38 - Secure Applications; Col. 1 1 , Line 63 through Col. 12, Line 7 - 
Secure Base OS; Col. 13, Lines 1-4, 16-23); and 

• the application wrapper further comprising a privatized virtual file resource 
created from an operating system file system (e.g., Fig. 3; Col. 13, Line 58 
through CoL 14, Line 1 1 - an FSL system driver is installed "on top" of the 
operating system in order to have first processing priority for file system 
accesses), a privatized virtual registry created from an operating system 
registry system (e.g., Fig. 3; Col. 13, Line 58 through Col. 14, Line 1 1 - an 
FSL system driver is installed "on top" of the operating system in order to 
have first processing priority for registry), a privatized operating system 
shared component resource (e.g., Col. 5, Lines 18-32; CoL 6, Line 62 through 
Col. 7, Line 17), a privatized application configuration resource (e.g.. Col. 2, 
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Lines 50-52 - having facilities for providing configuration settings to 
applications; Col. 3, Lines 42-46, 51-58; Col. 4, Lines 23-26 - a layer 
manager application may be provided to permit control and configuration of 
the layering system software through a management API and library; Col. 5, 
Lines 23-29; Col. 7. Lines 48-53; Col. 9, Lines 6-11; Col. 11, Lines 16-19) and 
a privatized environmental resources for application variables (e.g., Col. 8, 
Lines 48-61 - for example, Windows operating systems set the "WINDIR" 
environment variable to the location of the OS system subtree...; Col. 8. Line 
67 through Col. 9, Line 1 1 ). 

Although Blaser discloses that applications can be protected from 
unauthorized access through the use of a layer system (e.g.. Col. 1 1 , Lines 20- 
22) but does not explicitly disclose the followings: 

• wherein the application software only access the privatized virtual 
file resource; and 

• wherein the application software only accesses the privatized 
virtual registry. 

However, in an analogous art of Softricity SystemGurad®, Softricity discloses 
the followings: 

• wherein the application software only access the privatized virtual 
file resource (e.g.. Fig. of 'SoftGrid® Environment'; Sec. of 
*SystemGuard® Capabilities', Sub-Sec. of Virtual File Svstem ' - 
SystemGurad® also handles requests made by applications to files 
In specific directories bv redirecting the requests . For example, if an 
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application looks for a file located in a specific directory on the local 
C drive, SvstemGurad® can redirect any requests to that directory 
inside of its virtual file system ): and 

• wherein the application software only accesses the privatized 
virtual registry (e.g., Fig. of 'SoftGrid® Environment'; Sec. of 
'SystemGuard® Capabilities', Sub-Sec. of Virtual Registry ' - 
SystemGurad® creates a virtual Registry for each application. 
Registry settings created cannot be seen by other applications ). 

Therefore, it would have been obvious to one of ordinary skill in the art, at the 
time the invention was made to combine the teachings of Softricity into the 
Blaser's system to further provide the followings in Blaser system: 

• wherein the application software only access the privatized virtual 
file resource; and 

• wherein the application software only accesses the privatized 
virtual registry. 

The motivation is that it would further enhance the Blaser's system by 
taking, advancing and/or incorporating Softricit/s system which offers significant 
advantages that with the SoftGrid® solution, software deployment is simplified 
and the problem of application and operating system instability is alleviated, 
since applications are never installed on computers. Instead, applications run 
inside Softricity®'s patent-pending SystemGuard® Virtual Environment which 
protects the computer's operating system from any alterations and enable' the 
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application to run intact as once suggested by Softricity (e.g., Sec. of 'Tlie 
Solution: Stop Installing Software'). 

6. As to claim 2 (Original) (incorporating the rejection in claim 1), Blaser 
discloses privatized virtual file resource (e.g.. Col. 16, Line 1 1 through Col. 18, 
Line 12 - File System Calls) further comprising: 

• intercepting file I/O request generated by one or more processes (e.g.. Fig. 5, 
step 502 - "wait for read request"; Fig. 6, step 602 - "wait for write request"); 

• establishing a process ID for the intercepted file I/O request (e.g., Col. 9, 
Lines 34-38, 58-63; Col. 30, Lines 52-53, 58-61 ); 

• comparing process ID to establish operating system process and secured 
run-time process (e.g.. Fig. 5, step 504 - "is file reference maintained in an 
enabled layer?"; Fig. 6, step 604 - "is file reference to be captured to an 
enabled layer?"; Col. 6, Lines 37-39; Col. 15, Lines 16-26); 

• establishing a process ID as operating system process and secured run-time 
process (e.g., Col. 9, Lines 34-38, 58-63; Col. 30, Lines 52-53, 58-61); 

• servicing the file I/O request for all process ID established as secured run- 
time process (e.g., Fig. 5, steps 508, 510, 512; Fig. 6, steps 608, 610, 612); 
redirecting the file I/O request to operating system service for process ID 
established as operating system process (e.g., Fig. 5, step 506 - "use 
reference of request to execute regular read"; Fig. 6, step 606 - "use 
reference of request to execute regular write"; Col. 4, Lines 15-26; Col. 9, 
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Lines 29-33; Col. 14, Line 64 through Col. 15, Line 3; Col. 15, Line 66 through 
Col. 16, Line 3; Col. 16, Lines 41-44; Col. 17, Lines 5-13, 24-28); 

• rejecting the file I/O request on secured run-time process resources for 
process ID established as operating system process (e.g.. Col. 4, Lines 15- 
26; Col. 9, Lines 29-33; Col. 14, Line 64 through Col. 15, Line 3; Col. 15, Line 
66 through Col. 16, Line 3; Col. 16, Lines 41-44; Col. 17, Lines 5-13, 24-28); 

• comparing process ID established as secured run-time process to further . 
establish process resources corresponding to process ID (e.g.. Col. 15, Lines 
16-26); 

• establishing corresponding process resources within secured run-time 
resources (e.g., Fig. 5, steps 508, 510, 512; Fig. 6, steps 608, 610, 612); and 

• rejecting the file I/O request on secured run-time process resources for 
process ID established as secured run-time process and process ID belongs 
to other process resources (e.g.. Col. 4, Lines 15-26; Col. 9, Lines 29-33; 
Col. 14, Line 64 through Col. 15, Line 3; Col. 15, Line 66 through Col. 16, 
Line 3; Col. 16. Lines 41-44; Col. 17, Lines 5-13, 24-28). 

7. As to claim 3 (Original) (incorporating the rejection in claim 1 ), Blaser 
discloses privatized virtual registry (e.g.. Col. 18 Line 13 through Col. 20, Line 18 
- Registry Calls) further comprises: 
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• privatizing virtual registry system by intercepting registry I/O request 
generated by several process (Fig. 7, step 702 - "waiting for request for 
registry setting"; Col. 6, Lines 33-37); 

• establishing process ID for the intercepted registry I/O request (e.g., Col. 9, 
Lines 34-38, 58-63; Col. 30, Lines 52-53, 58-61); 

• comparing process ID to establish operating system process and secured 
run-time process (e.g.. Fig. 7, step 704 - "is registry request to be captured to 
an enabled layer?"; Col. 6, Lines 37-39; Col. 15, Lines 16-26); 

• establishing process ID as operating system process and secured run-time 
process (e.g.. Fig. 7, step 708 - identify destination layer; Col. 6, Lines 41- 
43); 

• servicing the registry I/O request for all process ID established as secured 
run-time process (e.g.. Fig. 7, elements 712 - create virtual registry setting in 
layer, 716- create delete entry in virtual registry, or delete entry if Isolated to 
layer, 720 - set virtual registry setting in layer; Col. 6, Lines 44-55); 

• redirecting the registry I/O request to operating system service for process ID 
established as operating system process (e.g., Fig. 7, element 706 - execute 
normal registry function; Col. 6, Lines 39-41; Col. 14, Line 64 through Col. 15, 
Line 3; Col. 15, Lines 16-26; Col. 15, Line through Col. 16, Line 11 - the 
structures and hooks); 

• rejecting the registry I/O request on secured mn-time process resources for 
process ID established as operating system process (e.g., Fig. 7, element 
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706 - execute normal registry function; Col. 6, Lines 39-41 ; Col. 15, Lines 16- 
26); 

• comparing process ID established as secured run-time process to further 
establish process resources corresponding to process ID (e.g.. Col. 15, Lines 
16-26); 

• establishing corresponding process resources within secured run-time 
resources (e.g., Fig. 7, elements 712, 716, 720); and 

• rejecting the registry I/O request on secured run-time process resources for 
process ID established as secured run-time process and process ID belongs 
to other process resources (e.g., Fig. 7, elements 706 - execute normal 
registry function; CoL 6, Lines 39-41 , 708 - identify destination layer; Col. 6, 
Lines 41-43). 



8. As to clainn 4 (Original) (incorporating the rejection in claim 1), Blaser 
discloses privatizing operating system shared component resource (e.g., Col. 5, 
Lines 18-32; Col. 6, Line 62 through Col. 7, Line 17) further comprising: 

• searching secured application process for injecting component hooker (e.g., 
Col. 9, Lines 43-46; Col. 15, Line 46 through CoL 16, Line 11); 

• checking the secured application process to establish whether the process is 
injected with component hooker (e.g., Col. 16, Lines 36-38, 45-47); 
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• establishing the secured application process as new secured application 
process for the secured application process not injected with component 
hooker (e.g., Col. 8, Lines 11-18; Col. 19, Lines 28-36); 

• injecting component hooker to new secured application process to intercept 
component process (e.g., Fig. 3, element 312 - FSL System Driver; Col. 9, 
Lines 6-11; Col. 13, Line 62 through Col. 14, Line 2; Col. 15, Lines 42-44 - all 
of the file system entry points are hooked in; the drives to be redirected are 
hooked in; all of the Registry entry points are hooked in); 

• repeating component hooker injection for all the new secured application 
process (e.g., Col. 12, Lines 29-31). 

9. As to claim 5 (Original) (incorporating the rejection in claim 1), Blaser 
discloses privatizing operating system shared component resource further 
comprising: 

• Initializing component redirection table to provide component redirecting 
information (e.g., Fig. 7, element 712 - create virtual registry setting in layer; 
CoL 14, Lines 17-22, 30-31 - FileRedirect, 36-37 - RegRedirect; Col. 20, 
lower portion for Function/Description List - FSLCreateQ - create the layer 
redirection area in the file system); 

• Registering virtual component required for the secured application (e.g., Fig. 
7, element 716 - set virtual registry setting in layer; CoL 27 - 
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Function/Description List - FSLSetLayerlnfoQ - if fileRedirect is specified, set 
the value of the proper registry value... create the redirect root keys..); 

• Adding redirecting information to the component redirection table for the 
execution of each selected the secured run-time application (e.g., Col. 25 - 
Function/Description list - FSLRegCreateKeyExQ - create a registry path to 
the layer's redirection area using the layer's redirect path, its name, .... 
Create the key in the redirection area); 

• Removing component redirecting information from the component redirection 
table for the termination of each the secured run-time application (e.g., Fig. 7, 
element 716 - delete entry if isolated to layer). 

10. As to claim 6 (Original) (incorporating the rejection in claim 1 ), Blaser 
discloses privatizing operating system shared component resource further 
comprising: 

• intercepting component process function for replacing component search path 
with secured application resource path (e.g., Fig. 5, element 502; Fig. 6, 
element 602; Fig. 7, element 702); 

• replacing component search path with private resource path to load the 
component from the secured application resource path (e.g.. Col. 5, Lines 60- 
64; Col. 6, Lines 12-17; Col. 8. Lines 48-52); and 
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• creating new process for the intercepted component with the replaced 
secured application resource path (e.g., Col. 15, Lines 58-60; Col. 16, Lines 
19-48; Col. 16, Line 53 through Col. 17, Line 36; Col. 18, Lines 26-61). 

11. As to claim 7 (Original) (incorporating the rejection in claim 1), Blaser 
discloses privatizing operating system shared component resource further 
comprising: 

• intercepting component call for replacing component registry path with the 
privatized virtual registry path (e.g.. Fig. 7, element 702); 

• searching component redirection table for the component redirecting 
information (e.g., Col. 18, Lines 26-28; Col. 19. Lines 24-26; Col. 19, Line 37 
through Col. 20, Line 3); 

• replacing component registry path with the privatized virtual registry path 
retrieved from the component redirection table (e.g., Col. 15, Lines 58-60; 
Col. 16. Lines 19-48; Col. 16, Line 53 through Col. 17, Line 36; Col. 18, Lines 
26-61); 

• returning the intercepted call to the requested call with the replaced secured 
application registry path for addressing the component location from the 
privatized virtual registry system and further the component is addressed to 
load from the privatized virtual file system (e.g.. Fig. 7, element 708; Col. 6, 
Lines 41-43); 
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• redirecting the component call as it is to the requested call for the component 
call originated from non secured run-time application and for the component 
call, which do not have redirecting information in the component redirection 
table (e.g., Fig. 7, element 706 - "execute normal registry function"; Col. 6, 
Lines 39-41). 

12. As to claim 9 (Original) (incorporating the rejection in claim 1 ), Blaser 
discloses privatized application configuration resource further comprises: 

• monitoring file I/O request for configuration file to provide separate 
configuration file (e.g., Fig. 5, element 502; Fig. 6, element 602; Col. 9, Lines 
6-11); 

• searching and retrieving configuration file from secured application resources 
(e.g., Col. 2, Lines 50-52 - having facilities for providing configuration settings 
to applications; Col. 3, Lines 42-46, 51-58; Col. 4, Lines 23-26 - a layer 
manager application may be provided to permit control and configuration of 
the layering system software through a management API and library); and 

• serving application configuration file to requesting process (e.g., CoL 5, Lines 
23-29; Col. 7, Lines 48-53; Col. 1 1 , Lines 1 6-1 9). 

13. As to claim 10 (Original) (incorporating the rejection in claim 1), Blaser 
discloses privatized environmental resources (e.g., Col. 8, Lines 48-61 - for 
example, Windows operating systems set the "WINDIR" environment variable to 
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the location of the OS system subtree...; Col. 8, Line 67 through Col. 9, Line 11) 
further comprises: 

• intercepting environment variable request to supply private values to secured 
application process (e.g., Fig. 5, element 502; Fig. 6, element 602; Col. 9, 
Lines 6-11); 

• verifying process ID to establish the process ID as operating system process 
or secured application process (e.g., Fig. 5, step 504 - "is file reference 
maintained in an enabled layer?"; Fig. 6, step 604 - "is file reference to be 
captured to an enabled layer?"; Col. 6. Lines 37-39; Col. 15, Lines 16-26); 

• redirecting the call for process ID established as operating system process 
(e.g., Fig. 5, element 506; Fig. 6, element 606); 

• reading variable data from secured application resource and returning the 
value to requested process for read variable calls requested by the secured 
application process (e.g., Fig. 5, element 512; Col. 5, Lines 60-64) ; 

• searching the requesting write variable In secured application resource to find 
the presence of requesting write variable (e.g.. Col. 23 - Function/Description 
List - FSLFindCloseVariableQ, FSLFindFirstVariableQ, 
FSLFindNextVariableQ, FSLGetVariableQ)] 

• creating variable with variable data within secured application resource and 
returning the status to requested process for variable do not exist in secured 
application resource (e.g., Col. 20, lower portion - Function/Description List- 
FSLAddVariable())\ and 
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• updating variable with variable data within secured application resource and 
returning the status to requested process for variable exist in secured 
application resource (e.g., Col. 8, Line 61 through Col. 9, Line 4). 

14. As to claim 11 (Original) (incorporating the rejection in claim 1), Blaser 
discloses the application wrapper further comprises selectively allowing the 
application software to interact operating system resources directly during the 
application software executing under the secured run-time environment (e.g., Fig. 
3. element 304 - Other Applications; Col. 14, Lines 6-1 1 ). 

15. As to claim 12 (Original) (incorporating the rejection in claim 1), Blaser 
discloses the application Wrapper further comprises selectively allowing the 
application software to interact with other application software resources directly 
during the application software executing under the secured run-time 
environment (e.g., Fig. 3, element 304 - Other Applications; Col. 14. Lines 6-1 1 ). 

16. As to claim 13 (Original) (incorporating the rejection in claim 1), Blaser 
discloses the application wrapper further comprises providing a run-time 
environment to the application software that is visible to an operating system run- 
time environment without having the application software run-time resources, 
whereby the application software resources is simulated to the secured run-time 
environment during the execution of the application software (e.g., Col. 12, Lines 
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8-20 - all further changes are recorded to a layer and not to the underlying file 
systems and OS resources). 

17. As to claim 14 (Original) (incorporating the rejection in claim 13), Blaser 
discloses the system and method further comprising means (e.g.. Fig. 1, element 
106 - Layering System Libraries/Software; Fig. 2, elements 202 - Layer B, 204 - 
Layer A; Fig. 3, elements 300 - FSL (File System Layer) Management 
Application. 306 - FSL API Library, 310 - FSL Compression Library. 312 - FSL 
System Driver) for protecting the behavior of the application software from other 
application and the operating system (e.g.. Col. 11, Lines 20-38 - Secure 
Applications; Col. 1 1 , Line 63 through Col. 12, Line 7 - Secure Base OS; Col. 13, 
Lines 1-4, 16-23). 

18. As to claim 15 (Original) (incorporating the rejection in claim 13), Blaser 
discloses the system and method further comprising means (e.g., Fig. 1, element 
106 - Layering System Libraries/Software; Fig. 2, elements 202 - Layer B, 204 - 
Layer A; Fig. 3, elements 300 - FSL (File System Layer) Management 
Application, 306 - FSL API Library, 310 - FSL Compression Library, 312 - FSL 
System Driver) for eliminating the application conflicts from other running 
application software (e.g.. Col. 2, Lines 42-46; Col. 3. Lines 51-58; Col. 8. Lines 
11-18). 
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19. As to claim 16 (Original) (incorporating the rejection in claim 13), Blaser 
discloses the system and the method further comprising means for executing 
multiple instance of the single application software (e.g.. Col. 8, Lines 6-11). 

20. As to claim 17 (Original) (incorporating the rejection in claim 1). Blaser 
discloses the system and the method wherein the application wrapper further 
comprising maintaining the application software resources away from the 
operating system resources (e.g.. Col. 4. Lines 15-26 - layering system libraries 
and/or software intercepts files system and registry access from applications), 
whereby the operating system resources is protected from the application 
software resources (e.g., Col. 1 1 , Lines 20-38 - Secure Applications; Col. 1 1 , 
Line 63 through Col. 12, Line 7 - Secure Base OS; Col. 13, Lines 1-4, 16-23). 

21. As to claim 18 (Original) (incorporating the rejection in claim 1), Blaser 
discloses the system and the method wherein the application wrapper further 
comprises permitting full access to the application software that requires to 
access for variation occurs to the application software resources within the 
application wrapper (e.g.. Col. 4, Lines 15-26; Col. 8, Lines 19-23, 48-55). 

22. As to claim 19 (Original) (incorporating the rejection in claim 18), Blaser 
discloses the system and the method further comprising means for keeping the 
state of secured run-time environment to the application software (e.g.. Col. 6, 
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Lines 3-10; Col. 7, Lines 9-12; Col. 10, Lines 2-24; Col. 11, Line 63 through Col. 
12, Line 7). 

23. As to claim 20 (Original) (incorporating the rejection in claim 18), Blaser 
discloses the system and the method further comprising means for updating the 
application software resources required by the application software (e.g., Col. 5, 
Lines 18-32 - shared libraries, system acciessible configuration, and version 
control are managed by the layering subsystem). 

24. As to claim 21 (Original) (incorporating the rejection in claim 1), Blaser 
discloses the system and the method wherein the application wrapper monitors 
the application run-time request to determine the required the application 
software resources for execution (e.g., Fig. 1, element 106 - Layering System 
Libraries/Software; Col. 4, Lines 15-26). 

25. As to claim 22 (Original) (incorporating the rejection in claim 21), Blaser 
discloses the system and the method further comprising means for receiving the 
application software resources to execute the application software in the secured 
run-time environment (e.g.. Fig. 1, element 106 - Layering System 
Libraries/Software; Fig. 2, elements 202 - Layer B, 204 - Layer A; Fig. 3, 
elements 300 - FSL (File System Layer) Management Application, 306 - FSL 
API Library, 310 - FSL Compression Library. 312 - FSL System Driver). 
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26, As to claim 23 (Original) (incorporating the rejection in claim 21 ), Blaser 
discloses the system and the method further comprising means for incrementally 
executing the application software in the secured run-time environment (e.g., Col. 
3, Line 59 through Col. 4, Line 6; Col. 5, Lines 18-32 - shared libraries, system 
accessible configuration, and version control are managed by the layering 
subsystem). 

27. As to claim 24 (Currently Amended), Blaser discloses a method for 
executing application software on a operating system within a secured run-time 
environment (e.g.. Col. 1 1 , Lines 20-38 - Secure Applications; Col. 1 1 , Line 63 
through Col. 12, Line 7 - Secure Base OS; Col. 13, Lines 1-4, 16-23) without 
affecting an application software resources of a client computer (e.g.. Col. 7, 
Lines 24-34; Col. 13, Lines 30-33), the client computer comprising an application 
wrapper (Fig. 1, element 106 - Layering System Libraries/Software; Fig. 2, 
elements 202 - Layer B, 204 - Layer A; Fig. 3. elements 300 - FSL (File System 
Layer) Management Application, 306 - FSL API Library, 310 - FSL Compression 
Library, 312 - FSL System Driver), wherein the application wrapper shields the 
application software resources (e.g., Col. 4, Lines 15-26 - layering system 
libraries and/or software intercepts files system and registry access from 
applications), whereby a the secured run-time environment for executing an the 
application software is created and the application software resources Is 
protected (e.g.. Col. 1 1 , Lines 20-38 - Secure Applications; Col. 1 1 , Line 63 
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through Col. 12, Line 7 - Secure Base OS; Col. 13, Lines 1-4, 16-23), the 
method further comprising: 

• privatizing virtual file resource created from an operating system file system 
(e.g., Fig. 3; Col. 13, Line 58 through Col. 14, Line 1 1 - an FSL system driver 
is installed "on top" of the operating system in order to have first processing 
priority for file system accesses); 

• • privatizing virtual registry created from an operating system registry system 

(e.g.. Fig. 3; Col. 13, Line 58 through Col. 14, Line 11 - an FSL system driver 
is installed "on top" of the operating system in order to have first processing 
priority for registry); 

• privatizing operating system shared component resource (e.g., Col. 5, 
Lines 18-32; Col. 6, Line 62 through Col. 7, Line 17); 

• privatizing application configuration resource (e.g., Col. 2. Lines 50-52 
- having facilities for providing configuration settings to applications; 
Col. 3, Lines 42-46, 51-58; Col. 4, Lines 23-26 - a layer manager 
application may be provided to permit control and configuration of the 
layering system software through a management API and library; Col. 
5, Lines 23-29; Col. 7, Lines 48-53; Col. 9, Lines 6-11; Col. 11. Lines 
16-19); and 

• privatizing environmental resources for application variables (e.g., Col. 
8, Lines 48-61 - for example, Windows operating systems set the 
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'WINDIR" environment variable to the location of the OS system 

subtree...; Col. 8, Line 67 through Col. 9, Line 11). 
Although Blaser discloses that applications can be protected from 
unauthorized access through the use of a layer system (e.g., Col. 1 1 , Lines 20- 
22) but does not explicitly disclose the followings: 

• wherein the application software only access the privatized virtual 
file resource; and 

• wherein the application software only accesses the privatized 
virtual registry. 

However, in an analogous art of Softricity SystemGurad®, Softricity discloses 
the followings: 

• wherein the application software only access the privatized virtual 
file resource (e.g.. Fig. of 'SoftGrid® Environment; Sec. of 
'SystemGuard® Capabilities', Sub-Sec. of Virtual File Svstem ' - 
SystemGurad® also handles requests made by applications to files 
in specific directories bv redirecting the requests . For example, if an 
application looks for a file located in a specific directory on the local 
C drive, SystemGurad® can redirect any requests to that directory 
inside of its virtual file svstem ): and 

• wherein the application software only accesses the privatized 
virtual registry (e.g., Fig. of 'SoftGrid® Environment'; Sec. of 
'SystemGuard® Capabilities'. Sub-Sec. of Virtual Registry ' - 
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SystemGurad® creates a virtual Registry for each application. 

Registry settings created cannot be seen by other applications ). 
Therefore, it would have been obvious to one of ordinary skill in the art, at the 
time the invention was made to combine the teachings of Softricity into the 
Blaser's system to further provide the followings inBlaser system: 

• wherein the application software only access the privatized virtual 
file resource; and 

• wherein the application software only accesses the privatized 
virtual registry. 

The motivation is that it would further enhance the Blaser's system by 
taking, advancing and/or incorporating Softricity's system which offers significant 
advantages that with the SoftGrid® solution, software deployment is simplified 
and the problem of application and operating system instability is alleviated, 
since applications are never installed on computers. Instead, applications run 
inside Softricitv®'s patent-pending SvstemGuard® Virtual Environment which 
protects the computer's operating system from any alterations and enable* the 
application to run intact as once suggested by Softricity (e.g., Sec. of The 
Solution: Stop Installing Software'). 



28. As to claim 25 (Original) (incorporating the rejection in claim 24), please 
refer to claim 2 as set forth accordingly. 
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29. As to claim 26 (Original) (incorporating the rejection in claim 24), please 
refer to claim 3 as set forth accordingly. 

30. As to claim 27 (Original) (incorporating the rejection in claim 24), please 
refer to claim 6 as set forth accordingly. 

31. As to claim 28 (Original) (incorporating the rejection in claim 24), please 
refer to claim 4 as set forth accordingly. 

32. As to claim 29 (Original) (incorporating the rejection in claim 24), please 
refer to claim 5 as set forth accordingly. 

33. As to claim 30 (Original) (incorporating the rejection in claim 24), please 
refer to claim 7 as set forth accordingly. 

34. As to claim 32 (Original) (incorporating the rejection in claim 24), please 
refer to claim 9 as set forth accordingly. 

35. As to claim 33 (Original) (incorporating the rejection in claim 24), please 
refer to claim 10 as set forth accordingly. 

36. As to claim 34 (Original) (incorporating the rejection in claim 24), please 
refer to claim 11 as set forth accordingly. 
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37. As to claim 35 (Original) (incorporating the rejection in claim 24), please 
refer to claim 12 as set forth accordingly. 

38. As to claim 36 (Original) (incorporating the rejection in claim 24), please 
refer to claim 13 as set forth accordingly. 

39. As to claim 37 (Original) (incorporating the rejection in claim 36), please 
refer to claim 14 as set forth accordingly. 

40. As to claim 38 (Original) (incorporating the rejection in claim 36), please 
refer to claim 15 as set forth accordingly. 

41. As to claim 39 (Original) (incorporating the rejection in claim 36), please 
refer to claim 16 as set forth accordingly. 

42. As to claim 40 (Original) (incorporating the rejection in claim 24), please 
refer to claim 17 as set forth accordingly. 



43. As to claim 41 (Original) (incorporating the rejection in claim 24), please 
refer to claim 18 as set forth accordingly. 
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44. As to claim 42 (Original) (incorporating the rejection in claim 41), please 
refer to claim 19 as set forth accordingly. 

45. As to claim 43 (Original) (incorporating the rejection in claim 41), please 
refer to claim 20 as set forth accordingly. 

46. As to claim 44 (Original) (incorporating the rejection in claim 24), please 
refer to claim 21 as set forth accordingly. 

47. As to claim 45 (Original) (incorporating the rejection in claim 44), please 
refer to claim 22 as set forth accordingly. 

48. As to claim 46 (Original) (incorporating the rejection in claim 44), please 
refer to claim 23 as set forth accordingly. 

49. Claims 8 and 31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Blaser in view of Softricity and further in view of Osman et al., 
{The Design and Implementation of Zap: A System for Migrating Computing 
Environments, 2002, ACM, pp. 361-376) (hereinafter 'Osman') and Galen C. 
Hunt (Pub. No. US 2002/0072830 A1) (hereinafter 'Hunt') 

50. As to claim 8 (Original) (incorporating the rejection in claim 1), although 
Blaser discloses hooking/redirected structures (e.g., Col. 15. Line 38 through Col. 
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20, Line 18) and its intercept/redirected mechanism for file system and registry 
accesses from applications (e.g., Col. 4, Lines 15-26), but Blaser and Softricity 
do not explicitly disclose privatizing operating system shared component 
resource further comprising intercepting the RPC message call for replacing 
component information with privatized virtual component information; searching 
component redirecting information from the component redirection table; 
replacing RPC message with the privatized virtual component infomriation 
retrieved from the component redirection table; returning the intercepted RPC 
message call to the requested call with the replaced message; continuing the 
RPC call to locate the privatized virtual component through SCM; redirecting the 
RPC message call as it is to the requested call for the component call originated 
from non secured run-time application and for the component call, which do not 
have redirecting information in the component redirection table. 

However, in an analogous art of a system for migrating computing 
environments, Osman discloses intercepting the RPC message call for replacing 
component information with privatized virtual component information (e.g., Table 
1 - Pod principles applied to resources - Network Resource; Sec. 4 - Zap 
Architecture, 2"^ Para., Lines 1-12; Sec. 4.5 - Network Virtualization and 
Migration, 1^^ Para., Lines 4-11; 8*^ Para., Lines 1-8 - connection virtualization 
works by intercepting system calls for connection setup requests from the 
application to the transport protocol and replacing relevant physical addresses 
with virtual address); searching component redirecting information from the 
component redirection table; replacing RPC message with the privatized virtual 
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component information retrieved from the component redirection table returning 
the intercepted RPC message call to the requested call with the replaced 
message (e.g., Sec. 4.5 - Network Virtualization and Migration, 9*^ Para., Lines 
1-9 - Connection translation works by intercepting packets below the transport 
protocol layer and translating the virtual address in the packet headers to 
physical address). 

Therefore, it would have been obvious to one of ordinary skill in the art, at 
the time the invention was made to combine the teachings of Osman into the 
Blaser-Softricity's system to further provide intercepting the RPC message call 
for replacing component information with privatized virtual component 
information; searching component redirecting information from the component 
redirection table; replacing RPC message with the privatized virtual component 
information retrieved from the component redirection table; returning the 
intercepted RPC message call to the requested call with the replaced message in 
Blaser-Softricity's system. 

The motivation is that it would enhance the Blaser-Softricity's system by 
taking, advancing and/or incorporating Osman's system which provides a 
framework for network virtualization as once suggested by Osman (e.g., Sec. 4.5 
- Network Virtualization and Migration, 1®* Para.). 

Although Osman discloses network virtualization (e.g., Sec. 4.5) but 
Blaser, Softricity and Osman do not explicitly disclose continuing the RPC call to 
locate the privatized virtual component through SCM; redirecting the RPC 
message call as it is to the requested call for the component call originated from 
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non secured run-time application and for the component call, which do not have 
redirecting information in the component redirection table. 

However, in an art of dynamic classification of sections of software. Hunt 
discloses the protocol stack, protocol information for remote communication, the 
DCOM network protocol which is a superset of Open Group's Distributed 
Computing Environment Remote Procedure Call (DCE RPC) protocol, and 
Service Control Manager; All of them are the essential building blocks for 
distributed Windows applications (e.g., [0076], Lines 21-33; Fig. 4, elements 
108/144 - Service Control Manager, 120 - DCOM Network Protocol). 

Further, Hunt discloses continuing the RPC call (e.g., [0077], Lines 1-6. 
21-33 - the proxy and stub typically include a protocol stack and protocol 
information for remote communication, for example, the DCOM network protocol, 
which is a superset of the Open Group's Distributed Computing Environment 
Remote Procedure Call (DCE RPC) protocol) to locate the privatized virtual 
component through SCM; redirecting the RPC message call as it is to the 
requested call for the component call originated from non secured run-time 
application and for the component call, which do not have redirecting information 
in the component redirection table (e.g., Fig. 4, elements 108, 144 - Service 
Control Manager; [0073] - after instantiation, DCOM supports cross-process or 
cross-machine communication; [0074] - a local service control manager 
connects to a remote service control manager, which requests creation of the 
component through the "CoCreatelnstance" API). 
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Therefore, it would have been obvious to one of ordinary skill in the art, at 
the time the invention was made to combine the teachings of Hunt into the 
Blaser-Softricity-Osman system to further provide continuing the RPC call to 
locate the privatized virtual component through SCM; redirecting the RPC 
message call as it is to the requested call for the component call originated from 
non secured run-time application and for the component call, which do not have 
redirecting information in the component redirection table in Blaser- Softricity- 
Osman's system. 

The motivation is that it would enhance the Blaser-Softricity-Osman*s 
system by taking, advancing and/or incorporating Hunt's system which is coupled 
with a distributed object system such as Microsoft™ Corporation's Distributed 
Component Object Model (DCOM™) to further provide system services that 
support execution of distributed application once suggested by Hunt (e.g., 
[0005]). 

51. As to claim 31 (Original) (incorporating the rejection in claim 24), please 
refer to claim 8 as set forth accordingly. 
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Conclusion 



52. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Ben C. Wang whose telephone number is 
571-270-1240. The examiner can normally be reached on Monday - Friday, 8:00 
a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Tuan Q. Dam can be reached on 571-272-3695. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272r1000. 
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